The BWC at 50: Exploring OSINT Opportunities and Challenges in the BWC Ecosystem

Abstract

The Biological Weapons Convention (BWC) was the first international disarmament treaty to eliminate an entire class of weapons. As it celebrates its semicentennial, the BWC is recognized for enshrining norms against the misuse of biology, even during the height of the Cold War: norms that encapsulated humanity’s repugnance of bioweapons. Nevertheless, the BWC faces unique challenges compared to other disarmament treaties, such as the Nuclear Non-Proliferation Treaty or the Chemical Weapons Convention. These include debates around verification, sociopolitical friction across the states parties, and even accusations that states parties have maintained biological weapons programs despite their treaty obligations. Many experts note difficulties in strengthening the BWC, particularly in a multipolar, competitive geopolitical environment. One potential pathway to support the BWC is using open-source information collection, analysis, and methods applied toward a “layered approach to verification [which] could help build confidence in compliance and potentially verify the BWC.” Colloquially known as open-source intelligence (OSINT), this intelligence-gathering discipline uses publicly available information and signals sources for fact-checking, investigating suspicious occurrences, and examining items of interest. This approach has shown promise in other weapons of mass destruction applications, from tracking and tracing Syrian and Russian use of chemical weapons to uncovering nuclear weapons arsenals. Further, as stakeholders generate and retain more biological data from multisource samples, now is an opportune time to examine how open-source information and methods might mitigate bioweapons risks. This is particularly germane to the present, as people explore OSINT information and methods as 1 tool to both help strengthen the BWC architecture and support transparency and norm-setting efforts outside of the treaty.

Introduction

The Biological Weapons Convention (BWC) was the first international disarmament and nonproliferation treaty to eliminate an entire class of weapons. As it celebrates its semicentennial, the BWC is recognized as having enshrined norms against the misuse of biology, even during the height of the Cold War: norms that encapsulated humanity’s repugnance of bioweapons.^1-3

Nevertheless, the BWC faces unique challenges compared to other disarmament treaties, such as the Nuclear Non-Proliferation Treaty (NPT) or the Chemical Weapons Convention (CWC). These include debates around verification, sociopolitical friction across the states parties, accusations that states parties have maintained biological weapons programs despite their treaty obligations, and the increasing polarization and securitization of the life sciences in the current sociopolitical environment.^4-6

From political gridlock to misinformation campaigns targeting bodies like the BWC, many experts note difficulties in strengthening the BWC in a multipolar, competitive geopolitical environment.⁷ One potential pathway to support the BWC is using open-source information collection and analysis methods applied toward a “layered approach to verification [that] could help build confidence in compliance and potentially verify the BWC.”⁸ Colloquially known as open-source intelligence (OSINT), this intelligence-gathering discipline uses publicly available information and signals from open sources for fact-checking, investigating suspicious occurrences, and examining items of interest.⁹

This approach has shown promise in other weapons of mass destruction (WMD) applications, from tracking and tracing Syrian and Russian use of chemical weapons to uncovering nuclear weapons arsenals.¹⁰ Further, as stakeholders generate and retain more biological data from multisource samples, now is an opportune time to examine how OSINT and methods might mitigate bioweapon risks. These approaches can raise awareness of potential activities or signals of concern; our experts likened this to OSINT’s use as a “canary in the coal mine,” where metrics such as the type of equipment used, the amount of particular growth media, and the types of pathogens being researched may help prioritize whether further scrutiny should be given to particular activities in certain countries.

This project uses the term “OSINT” to refer to and include “investigations and/or research that relies on open-source information, methods, and tools.” To this end, “information” covers all publicly available information but achieves the same outcome as it would in intelligence circles: “the product of collecting, processing, and analyzing publicly available information.”¹¹

This article provides preliminary findings from a project the authors conducted on the opportunities and challenges of leveraging “OSINT” in addressing bioweapons: a project that included interviews and conversations with experts through a working group. First, we provide a brief state of play of key events within the BWC forum, highlighting the key challenges the BWC currently faces in the 21st century, followed by an overview and background on open-source information and related analytic methodologies and the methodology we used for this project. We then discuss several case studies that highlight how an OSINT approach has found success in chemical and nuclear issues. Finally, we present the opportunities and challenges of applying OSINT in other WMD areas—translating that to potential applications and challenges of addressing deliberate biological risks—and provide a series of recommendations as countries and institutions consider how they may integrate OSINT within the BWC context.

The BWC State of Play: Recent Events and Challenges

The BWC mitigates bioweapons risks in 3 ways. First, its status as an active and long-lived legal framework shows the resilience of the norms that underpin the convention, even in the face of global turbulence.¹² Second, it served as a template for subsequent WMD arms control, disarmament, and nonproliferation treaties such as the Chemical Weapons Convention.¹³ Third, it built a unique forum to exclusively discuss biological weapons issues and life sciences developments. While the charter of the BWC initially only convened states parties, subsequent meetings have gradually added nongovernmental organizations (NGOs), multidisciplinary experts, and other stakeholders to meet the challenges of rapid life science advancements and the new actors involved in the field in recent years.⁵

Successes, while infrequent, do continue 50 years into the treaty. While verification is challenging within the BWC, the use of shared information through confidence-building measures (CBMs) allows states parties to build transparency and trust in the forum. Further, despite concerns that states were violating their obligations to the BWC and the ongoing Russian invasion of Ukraine, the BWC’s Ninth Review Conference in 2022 ended with moderate success with 2 advances: it established a working group to explore appropriate recommendations for the establishment of a science and technology (S&T) mechanism and other areas for advancement, and the BWC’s Implementation Support Unit (ISU) was authorized to increase its staff size by 1.¹⁴

Nevertheless, efforts to operationalize the treaty continue to face challenges. One challenge arose in 2001 when the United States ceased negotiations on a legally binding verification protocol based on national security grounds.¹⁵ Recent events also showcase challenges, including (1) a perceived erosion of norms against WMD use as state-led and state-sponsored chemical attacks have increased, (2) the misaligned pace of slow governance advances in a rapidly advancing field like the life sciences, and (3) the ripple effects that disinformation has on biorisks.

First, experts are concerned that norms against the research and use of WMD are eroding and are leading to similar corrosive effects within the BWC.¹⁶ Over the past 15 years, 3 states have used chemical weapons: (1) Syria during its civil war from 2012 to 2019, (2) Russia with its use of Novichok in 2018 and chloropicrin in its invasion of Ukraine, and (3) North Korea with the chemical weapons assassination of Kim Jong-Nam in 2017.¹⁷ On the nuclear side, Russia’s suspension of New START and Putin’s escalatory rhetoric on nuclear threats, the lack of consensus toward a final document during the Nuclear Non-Proliferation Treaty’s 2022 Review Conference, Russia’s de-ratification of the Comprehensive Test Ban Treaty in 2023, and other proliferation concerns raise questions on the strength of the nuclear taboo. Therefore, experts are concerned that eroding the BWC will be a key way to further undermine norms against WMD research and use, particularly as certain countries are already suspected of harboring active biological weapons programs.¹⁸

Second, biosecurity governance is exceptionally complex and slow-moving. Part of this is due to the community’s polarization on the future of biosecurity and recommendations toward action.¹⁹ Further, biosecurity is complicated by the dual-use dilemma—that the same knowledge, equipment, materials, and microbes can be applied toward both benevolent and malevolent uses.²⁰ This dynamic is complicated further by an expanding ecosystem of life sciences actors with increased access to tools and innovations. The combination of all these complexities creates significant challenges toward governance efforts: efforts that seek to balance safety and security with innovation and national interests such as the bioeconomy. This balancing act leads to consistent dynamics where technological advances outpace governance mechanisms. Further, these converging factors potentially increase the opportunities for malevolent actors to weaponize biology through (1) direct contributions to small-scale and large-scale biological weapons research and development or (2) finding creative solutions based on a mix of applied and basic life sciences advances with logistical considerations to evade security measures.

Finally, disinformation plays a large role that undermines current efforts to address biological risks. Disinformation is exacerbated by the distributed nature of information generation, combined with the porous information transfer and distribution infrastructures in democratically leaning countries.²¹ While this can benefit scientific collaboration, it also contributes to the explosion of disinformation campaigns we see today: campaigns that have characterized US–Ukraine public health efforts as biological weapons research and development activities, for example.²²

Disinformation exacerbates biological risks in 3 ways. First, state-organized disinformation campaigns, such as Russia’s narrative of a US-sponsored biological weapons program in Ukraine, create potential pretexts for states to simultaneously deploy bioweapons while blaming others.²² Second, disinformation erodes public trust, blunting the efficacy of public health efforts like disseminating accurate, verifiable information regarding disease response to the public. Finally, disinformation undermines opportunities for countries to pursue multilateral, consensus-based agreements.²³

Despite these challenges, there are also present potential opportunities. There are ways to shore up norms within the BWC forum. The dual-use dilemma is a 2-way street: the same advances that raise biological risks may also be harnessed to effectively counter them. And significant work is going into prebunking disinformation, including building trustworthy institutions and using an OSINT framework.

The Potential for OSINT in Nontraditional Contexts

The ubiquity of the internet has given access to both new and historic sources of information for everyone from the average citizen to government agencies. Further, existing tools lower the barriers to meaningfully analyze big data, such as translation software or biological science-specific platforms that host contextualized data from a variety of sources. Such advances enable transparency and build confidence amongst key stakeholders across the entire spectrum of biological threats. To this end, this section explores the use of OSINT outside of its traditional context within the intelligence community.

Definition and Applications of OSINT

Intelligence is the product of collecting, processing, and analyzing information. Intelligence is produced through a sequential process: planning and direction, collection, processing and exploitation, analysis and production, dissemination, and evaluation.⁹ Open-source intelligence (OSINT) is “intelligence produced from publicly available information that is collected, [leveraged], and disseminated promptly to an appropriate audience to address a specific intelligence requirement.”

The planning and direction stage identifies the type(s) of intelligence and the steps required before beginning an investigation. Collection uses structured methods to gather raw data from different intelligence sources. The processing and exploitation stages are where human analysts and digital tools turn raw data into usable information. This usable information is then packaged during the analysis and production phase to the intended client during the dissemination phase. Further, this final package is updated iteratively as new information and context come to light through the evaluation phase.⁹

The intelligence cycle can be used to generate a range of types of intelligence, including OSINT,^* and provides a framework for how to do so.^24,25 Within the arms control context, we frame OSINT as an investigation or research that relies on open-source information, methods, and tools (Figure).

Figure.

The Intelligence Cycle.⁹

While using publicly available information is not novel, the rise in the accessibility and impact of the internet as a ubiquitous source of information in the early 2000s, coupled with recent artificial intelligence-enabled software, have since significantly altered open-source investigations. Once the domain of formal intelligence inquiry subsections or a niche online hobby by groups of digital sleuths, OSINT has now found a more prominent place among journalists, universities, and even anonymous programmers.

Increasingly, international organizations and NGOs develop and leverage open-source informed analytic frameworks and investigative approaches for safeguard-relevant research. For example, the International Atomic Energy Agency (IAEA) uses publicly available satellite images and informants to direct investigations on state-sponsored nuclear weapons developments.²⁶ Such an approach could potentially be applied to investigating potential bioweapons programs. However, institutions will need to set precedents, metrics, and training guidelines for successfully employing open-source techniques toward bioweapons risk research—from publicly available satellite images of suspected biolabs to open-source export control and additional sources and types of data. Therefore, OSINT could emerge as a component in managing security issues, whether by international organizations or individual investigators.²⁷

Human Led, Technology Supported

Although technical capabilities have advanced, they still have significant limitations. Platforms such as Google Flu Trends (GFT) have struggled to accommodate not only the volume of data required to accurately predict something such as a flu outbreak, but also the nuances within the data itself.²⁸ During its 7 years’ run, GFT overlooked several disease outbreaks, including epidemics, that occurred off-season due to errors in its ability to pick up on atypical signals beyond the scope of its algorithm.

Analyzing raw digital data requires both subject matter expertise and technological inputs to investigate situations in an evidence-based yet nuanced manner.²⁹ Practitioners have a range of recommended tools and platforms to use, including digital visualization tools, automated web crawlers, natural languages processors, and even machine learning and artificial intelligence tools—though these tools often come and go with technological developments and increased restrictions on online information access. Such tools can certainly amplify and supplement OSINT efforts, but they are not inherently necessary as practitioners run the risk of relying on them too heavily.

Further, even the best analysts can succumb to unmitigated cognitive/confirmation biases during the collection and analysis phases, which leads to inaccurate outputs. Likewise, representational bias poses challenges especially in wider applications of OSINT. For example, representational bias is potentially 1 factor that has roused a fierce debate on the origins of the SARS-CoV-2: the causative pathogen of COVID-19.

Building systematic analytic and data management processes that involve human inputs as primary and digital inputs as secondary is critical for robust open-source investigations. This has already been done in several non-intelligence fields, especially in international human rights law, as seen with the Berkeley Protocol established by the Office of the United Nations High Commissioner for Human Rights and the Human Rights Center at the University of California, Berkeley.³⁰

While technology may supplement human-led analysis, analysts are necessary to systematically navigate overwhelming amounts of data, triangulate search terms with existing evidence, and pivot when necessary to test investigative hypotheses. Thus, digital tools and software are force multipliers that can aid this process but not lead it.

Methodology

Interviews

To explore the opportunities and challenges of utilizing OSINT within the BWC ecosystem, the researchers initially conducted informal conversations with experts across the spectrum of individuals working within and across these communities. This input informed a literature review to understand key concepts and aspects of the BWC, OSINT, and the biorisk landscape. This literature review then guided the development of our semistructured interview guide.

The researchers used this guide to conduct 20 semistructured virtual interviews held under the Chatham House Rule from August to December 2023. The team interviewed key experts with biosecurity, arms control, data science, and OSINT expertise. The team identified these experts based on the relevant experience they would bring to the conversation and the institutions they would represent to enrich the conversation. This included people who participate in the BWC and other arms control fora, work on big data aggregation and analysis, and conduct OSINT investigations into public health, health security, and WMD issues (Box).

These questions allowed the team to explore how stakeholders across academia, industry, and government are using OSINT for varied purposes across national security, public health, and bioindustrial arenas. The semistructured nature of the interviews also empowered experts to direct the conversation based on personal experiences: experiences that guided vetting the accuracy and conclusion of open-source information, as well as recommendations on dealing with biases and false information issues. Expert interviews were recorded by consent. Multiple members of the team attended each interview and took notes to ensure robust and consistent data collection.

Box. Semistructured Interview Guide

The team used the following semistructured guide to investigate the nexus of OSINT, biological risks, and the BWC. All interviewed experts had some experience in open-source information, research, and methodologies. Question 1 contextualized the expertise of the interviewee, in relation to their OSINT experiences. Questions 2 and 3 explored OSINT projects the experts conducted and discussed data collection, analysis, and transparency opportunities and challenges. Questions 4 and 5 allowed the experts to provide lessons learned, guiding principles, and final thoughts on what makes a successful OSINT investigation. Supplemental questions were pursued based on timing, opportunity, and novelty during the interview. The questions were as follows:

Please introduce yourself and tell us more about your background, especially concerning OSINT.

Could you please share your experience, such as your process for collecting and analyzing data on an OSINT project you participated in? Were there areas that proved particularly helpful toward data collection or analysis?

What were your experiences to ensure your OSINT investigation information was effectively shared? Were there any periods of a disconnect between analysis and communication to decisionmakers and, if there was, how so?

Are there any best practices you recommend for conducting biorisk open-source information analysis?

Would you like to add or clarify any unaddressed or raised issues?

Abbreviations: BWC, Biological Weapons Convention; OSINT, open-source intelligence.

Working Group

The team used qualitative approaches to analyze the interview content. This included a deep dive into experts’ characterizations of OSINT opportunities and challenges via thematic and content analyses. These analyses provided key insights, alignments, and gaps between our experts on how OSINT might support BWC efforts to mitigate bioweapons risks.

Following this analysis, the team invited a subset of experts for an OSINT working group. The goal of these meetings was 2-fold: (1) to build a better understanding of OSINT opportunities and challenges within the biological risk space and (2) to consider how these opportunities and challenges may unfold with the BWC. This working group virtually met for 3 2-hour-long sessions between March and July of 2024. The team elicited key insights and perspectives from the experts through facilitated discussions and scenario exercises.

Experts came from a variety of backgrounds, ranging from academia, industry, and government for both the initial interviews and the working group. The initial interviews provided us with a spectrum of perspectives, and we ended up choosing a smaller group of those that represented as much variance across the spectrum as possible to assemble our working group. These individuals included longtime biosecurity experts, hybrid experts that focus on biological risks and emerging tech convergence issues, public health and data scientists, and longtime actors in the BWC space. A complete list of those we touched base and learned from is available as an acknowledge in the final page of this article.

The initial interviews helped establish a baseline on the key concepts and concerns each expert had when it came to the feasibility of OSINT in biorisks, as well as how such activities may be approached to address modern challenges. Further, some experts also came from other backgrounds, such as chemical and nuclear risk reduction communications, to help take lessons learned that those communities may have had that could apply to biorisks.

Finally, within the working group, we established a series of 4 meetings to explore the possibilities and limitations of OSINT for biorisks. From level-setting and exploring what activities have been done to surveil and monitor biological risks to the potential tools and pathways we see emerging as data sources and the tools to analyze them increase and become more distributed, this working group sought to balance the promise of new technologies and approaches while balancing the hype that is often associated with emerging capabilities in the life sciences.

Project Findings: OSINT and BWC Functions

Our research identified several opportunities and challenges for utilizing OSINT to support the BWC. This section will assess the potential applications for OSINT related to the functions that operationalize the treaty, including verification, compliance, and confidence-building measures (CBM), as summarized in the Table. While none of these applications alone will overcome the key challenges facing the convention noted at the start of this paper, each offers opportunities to strengthen its function, robustness, and how states parties adhere to it.

This research also considers how the BWC stakeholder community has grown and shifted over the past 50 years. In the beginning, states parties were the sole and primary actors in the BWC. Over time, NGOs became involved to provide additional information and expert opinions as observers, not full participants, in the forum. The ISU was created following the Fifth BWC Review Conference (2006) to support the functions of the BWC. Finally, we have seen some participation from bioindustry leaders and companies as life science innovation has blossomed and been driven by public–private partnerships and industrial investment in biotechnologies; however, this continues to be a work in progress as bridges continue to be built and industry continues to grapple with the balance between upholding the norms and tenets of the BWC and ensuring they do not shut off funding opportunities based on speculative risks (Table).

Table.

Potential Applications for OSINT to the BWC by Treaty Function, Proposed OSINT Activity, and Stakeholder Involved

BWC Function	Potential OSINT Use	Potential OSINT Users
Verification	Using open-source information for investigations or conducting fact-finding missions of suspected bioweapons use by examining export/import data, satellite imagery of labs, location monitoring, public health outbreak data, etc.	UNSGM calling upon states parties to provide experts to conduct OSINT, NGOs in cooperation with the ISU or states parties
	Adding OSINT techniques to current UNSGM guidelines and procedures to promote information sharing and trust building	UNSGM; UNIDIR
	Routinely monitoring of VEREX’s 27 possible signals for verification assessments using open sources	UNSGM; states parties; international stakeholders
Confidence-building measures	Using open-source information to supplement incomplete and/or inaccurate CBM form submissions	States parties; international stakeholders
Operationalizing the treaty	Building a transparent treaty stakeholder ecosystem using an international OSINT-driven platform	States parties; international stakeholders
Operationalizing the treaty	Establishing a science and technology review mechanism to determine how OSINT can be applied to the BWC	ISU; states parties; international stakeholders (private and public sector bioindustry, NGOs, and research institutions)

Abbreviations: BWC, Biological Weapons Convention; CBM, confidence-building measures; ISU, Implementation Support Unit; NGO, nongovernmental organization; OSINT, open-source intelligence; UNIDIR, United Nations Institute for Disarmament Research; UNSGM, United Nations Secretary-General’s Mechanism; VEREX, verification experts (Ad Hoc Group of Governmental Experts).

Verification

Unlike the NPT and CWC, the BWC does not have an implementation organization or a formalized verification mechanism to assess treaty noncompliance. While the United Nations Security-General can establish the United Nations Secretary-General’s Mechanism at the request of a member state, this is a process that is entirely removed from the BWC.

Within the BWC, Article VI requires that the UNSC investigates a suspected treaty violation, which is a route recently explored by Russia concerning the misinformation of Ukraine and the United States developing biological weapons under the guise of public health activities. The UNSGM relies upon states parties to provide experts for any kind of investigation, and in this project’s scope, that would be to provide experts to carry out open-source information collection and analysis. While the BWC failed to establish a verification regime during the Ad Hoc Group process in 2001, states parties agreed to establish an S&T review: a mechanism where tools and methods, such as OSINT, could be discussed and considered for the convention.¹⁴

There is a low likelihood that BWC verification will wholly rely on open-source tools and methodologies. However, OSINT could come to play an important, complementary role in assisting states and their obligations with the treaty. The VEREX process identified 27 possible signals for verification assessments, many of which can be supplemented with OSINT, including the monitoring of trade and financial networks using open-source data, providing intelligence on personnel, facility changes, testing activities, surveillance of publications and legislation, transfers or transfer requests, and ground-based and satellite surveillance.^8,31 These signals could provide or corroborate critical indicators to raise awareness of or inform on, a decision concerning suspicious activity.

A nuanced yet structured open-source investigation in the style of Bellingcat can supplement investigations into grave security risks such as suspected noncompliance with an arms control treaty. They adopted a multifaceted approach that integrated OSINT with HUMINT findings (eg, human-derived intelligence from interviews, informants) during its investigation into the 2018 Novichok use in Salisbury, United Kingdom, to determine the identity of the attacker.³² Following a structured investigative process, their team scoured databases in combination with tips from key informants to cross-check their open-source findings. This uncovered suspicious connections concerning Russia’s “retired” chemical weapons program: a compliance issue which Russia is subject to as a signatory of the CWC.³³

Bellingcat set a precedent for the kind of OSINT-driven cooperation between NGOs, experts, and international organizations (such as the OPCW and IAEA) that could work in collaboration to strengthen existing arms control regimes. This kind of OSINT investigation conducted by an external yet credible organization might be replicated to support the BWC. This application would be more of a citizen-led, grassroots effort, not a true substitute for an implementation body - a potential challenge as not all states parties may be aligned that such efforts would be value-add to the forum.

However, OSINT-driven cooperation may be better than the status quo. Further, Bellingcat’s efforts provided critical supplemental and verifiable evidence for the OPCW to not only use when needed but also to raise public awareness of an important global security risk.

While OSINT might produce greater transparency in compliance, it will face challenges. First, any claim of treaty noncompliance is affected by the longstanding political dynamics of BWC state party blocs. Further, the burden of proof for noncompliance may become increasingly difficult as technologies advance and practices change, requiring more corroborating signals with higher fidelity and adapting to signal changes. It is also important to note that NGOs have a limited capacity in for a like the BWC—they serve as observers and do not serve an official function within these bodies and, thus, would be supplemental and only included at the behest of states parties. Finally, the dual-use nature of the life sciences is particularly pernicious and obfuscates delineations between defensive and offensive research and development.²⁰

Nevertheless, implementing a sound OSINT practice that features credible and accurate assessments could support efforts by one state to produce verifiable evidence on another. This, in turn, can support the UNSGM.

Confidence-Building Measures

Developed across multiple BWC review conferences, confidence-building measures (CBMs) seek to build trust by sharing life sciences activities across states parties. CBMs require states to fill out different forms about peaceful and potential activities of concern regarding life sciences research and outcomes. States then submit these CBMs to the BWC ISU, which ensures states parties have access to the submissions.

However, the CBM mechanism does have its shortcomings. Given the voluntary nature of the CBMs, there is a tension between soliciting submissions from willing states parties versus forcing countries to submit information through a legally binding mechanism, such as that with the CWC or NPT. Further, the overall rate of CBM report submissions has been low, with only half of states parties submitting forms in 2022. Finally, even when states parties submit CBMs, these submissions are often incomplete as they can be onerous, challenging, and require significant visibility across a country’s whole-of-government activities.³⁴

OSINT may help states parties with CBM submissions and completion rates. States could outsource OSINT experts or expert organizations to provide relevant and supplemental information if a submission is found incomplete. Researchers have already used OSINT with historic BWC data to evaluate and assess specific gaps in the CBMs. Early efforts to increase transparency through open source within the BWC include the German- and EU-funded digital CBM submission portal, which allows states parties to share their CBM forms with other states parties or elect to make the forms publicly available.³⁵ The Research Group for Biological Arms Control at Hamburg University evaluated the completeness and accuracy of submitted CBM forms by comparing their contents to open-source material in order to reveal omissions, major inconsistencies, or lack of detail.³⁶ Further, this study raised questions on whether certain omissions in CBMs may be deliberate.

The ISU would not directly incorporate OSINT into their work nor conduct such work themselves, as the body does not handle any tasks related to compliance or verification. That said, there are other avenues for OSINT to impact the BWC ecosystem. While the ISU has the task of facilitating certain activities (including receiving and distributing CBMs to states parties), states parties are the ones who conduct activities to gather and process information for submission via CBMs to the BWC.

States parties may use OSINT for internal or external purposes. Internally, they could be used to help check, confirm, or even supplement certain pieces of open-source information for CBMs. However, external applications would be difficult. If a state were to use OSINT to fact check other states parties’ CBM submissions, this may have adverse consequences on BWC participation. Further, whatever information is acquired that way would be looked at with suspicion and likely dismissed or rejected by the affected parties. Finally, the quality and means of information collection and analysis may generate false positives and inadvertently increase geopolitical tensions. Therefore, a potential requirement for OSINT and its positive use in tandem with the BWC is to encourage independent analysis to ensure clear and verifiable information from a third party that states parties agree can do such work.

Operationalizing the BWC

In recent years, states parties’ efforts to strengthen the BWC shifted from verification through the Ad Hoc Group process toward VEREX efforts to evaluate potential technical components, challenges, and capabilities related to verification and increase CBM robustness and strengthen specific treaty articles. During the Ninth BWC Review Conference, states parties presented working papers on ways to strengthen the convention, with some suggestions of potential applications for open-source analysis and methodologies.³⁷ These contributions can broadly be broken down into 4 categories: 1.

Exploring Article VII obligations, which requires states parties to assist others who were exposed to a danger as a result of a violation of the BWC

Reviewing S&T advancements

Strengthening Article X,³⁸ which encourages the fullest possible exchange of life sciences equipment, materials, and information for peaceful purposes

Strengthening alignment across the BWC and other health security and biosecurity stakeholders

Regarding a potential application for OSINT for Article VII, India and France jointly submitted a working paper calling for the creation of an “assistance database” that would “match” specific offers and requests for assistance between states.³⁹ Japan submitted a working paper⁴⁰ summarizing the outputs of an international workshop, which corroborates the India–France paper, suggesting that a database would “operationalize” Article VII. This proposal highlights an opportunity for OSINT to be used not only to identify and investigate potential threats but also to serve as a connective tool for increasing mutual assistance and cooperation between states parties, the ISU, and other stakeholders.

States parties appear to support efforts to strengthen our foresight of S&T advancements in the life sciences and to find ways to have the treaty operate better in the 21st century. For S&T, a 2022 working paper from the United Kingdom emphasized the need for the BWC to establish S&T review mechanisms—something that has long been considered integral to the function of the treaty.^41,42 An S&T mechanism could identify potential applications for OSINT to advance the treaty or mitigate rising biological risks.

Further, the BWC has also placed further focus on understanding how to best increase access to materials, equipment, and knowledge toward peaceful biological purposes while controlling the risks of unfettered access by those that may seek nefarious ends. This balance is required through Article X of the BWC; further exploration of options of how to implement Article X may improve opportunities for countries to engage and collaborate on scientific matters together while continuing to mitigate misappropriate risks.

The last category of state party suggestions with potential for OSINT applications is strengthening the BWC’s connection to and interoperability with the broader global biosecurity architecture. France, Senegal, and Togo proposed the creation of “SecBio,” an international online platform for biosafety and biosecurity practitioners, which would have an “interactive tool to inform, train, and connect” stakeholders.⁴³ The BWC One Health Surveillance Network, proposed by Argentina and Brazil, is intended to be a mechanism for “direct dialogue, mutual support, joint-projects and exchange of best practices among animal, plant and environmental surveillance services.”⁴⁴ In these proposals, OSINT could potentially play a role as a tool used to bridge constituencies and stakeholders, fostering a whole-of-globe approach to biosecurity.

Given that the number of digital OSINT practitioners in civil society and the private sector continues to increase, there may be greater opportunity for NGO and private sector (including bioindustry leaders) engagement with the BWC. In addition to precedents set by NGOs such as Bellingcat,¹⁰ industry has the potential to use open sources and produce more transparent, alternative, and supplementary assessments to those that are disseminated by government intelligence agencies. If a suspected outbreak or some other unusual type of biological event were to occur, businesses may produce independent assessments or even serve as a source of useful information for the government of the country where the outbreak/event took place. This is not a role for one company to take; efforts should be made to encourage private sector leaders to work with governments toward greater information-driven cooperation. A transparent stakeholder ecosystem using OSINT responsibly and reliably could be a force multiplier in a way that closed sources and classified information alone cannot achieve.

Recommendations

We have explored the possibilities and challenges of applying OSINT toward nonproliferation efforts in the BWC context. Organizations and even citizen journalists have made a significant impact in uncovering key chemical and nuclear weapons information using well-researched and credible investigations relying heavily on open-source information: investigations that, in some cases, had very large policy outcomes. However, a tool is only as good as the information and methodologies that OSINT practitioners use.

Stakeholders should weigh 4 key elements when deciding whether to pursue OSINT to address current informational and relational challenges within the BWC. First, potential users (identified thus far as BWC stakeholders—experts outsourced by states parties, national governments, NGOs, and the private sector) must familiarize themselves with not only the current digital open-source platforms monitoring biological events but also how the landscape of information may change abruptly. The concept of what information is “open” is highly contextual; different people have access to different sets of information based on their professional roles and the networks they are a part of. Our experts noted how tools and databases may start as free but then switch to either a membership fee model or may even become inaccessible due to intellectual property or national security concerns. Open access is not always fixed, and practitioners must track the availability of both sources and information.

Second, our research and expert working group caution stakeholders as, despite significant successes in the nuclear and chemical fields, biology has unique considerations that may challenge future assessments of potential bioweapon research and development. Part of this is due to the dual-use nature of biology, which blunts our opportunities to confidently assess defensive versus offensive activities. Stakeholders must ensure, to the greatest extent possible, that there are checks and balances across the OSINT process to test and validate the information and the metrics used to assess offensive versus defensive applications of biology in a given facility and/or country at any given time.

Third, stakeholders interested in OSINT’s utility in the biological context must also consider how such actions would then impact the behaviors of other state and nonstate actors. OSINT is a pathway toward transparency: an outcome that certain actors may find undesirable. Without robust standards to control them, targeted disinformation campaigns and poisoning databases with false or inaccurate information may become more prevalent. This would significantly blunt OSINT’s impact on addressing bioweapons risks. We emphasize that standards for data collection, source verification, and analysis are critical for successful, safe, and credible open-source investigations in such politically tense fields. Responsible norms need to be established for OSINT–biological applications, regardless of whether they are conducted by individual actors, NGOs, international organizations, the private sector, or states parties.

Finally, it is important to identify what OSINT can do versus what stakeholders would want it to do. OSINT alone is not the silver bullet, over-the-horizon fix for the long-intractable problems of BWC verification. Nevertheless, our findings uncovered the greatest OSINT utility in 2 areas. The first is in raising awareness of potential activities or signals of concern. Our experts likened this to OSINT’s use as a “canary in the coal mine,” where metrics such as the type of equipment used, the amount of particular growth media, and the types of pathogens being researched may help prioritize whether further scrutiny should be given to particular activities in certain countries. The second area is the provision of verifiable and well-documented supporting evidence during a formal investigation into an alleged treaty violation.

The biggest challenge is that these approaches toward transparency need to be balanced with sociopolitical considerations in the BWC forum, particularly if states parties feel their sovereignty is being eroded through these “trust, but verify” approaches. Further, developing robust protocols and methods to reduce bias and mitigate risks of appropriating information to fuel false narratives are necessary as stakeholders attempt to harness the opportunities OSINT offers.

Conclusion

As international stakeholders continue to prepare for a future of increased biological risks, including possible novel bioweapons, it will be critical to disaggregate between the hope and the hype. OSINT may offer promising opportunities to strengthen international biosecurity architectures within the BWC and potentially beyond. While incorporating the strengths of OSINT tools and methodologies will be key, the interactions created through OSINT architectures between states parties, civil society, academia, and industry will be valuable as we address challenges facing the BWC. Given the everchanging nature of “open source” and the constantly changing nature of biotechnology, the question “How might OSINT be used here?” should become a perennial one for treaty stakeholders, observers, and the biosecurity field as a whole.

Footnotes

Acknowledgments

The authors would like to offer heartfelt thanks to key people that contributed significantly to this project. We wish to acknowledge our colleague, Dr. Saskia Popescu at RAND, for her significant contributions in building this project and providing subject matter expertise in her current role. The team would like to thank the following experts for their time, energy, and expertise through interviews and working group meetings on this critical topic: Henrietta Wilson and Rose Bernard (King’s College London), Gregory D. Koblentz (George Mason University), Kathleen M. Vogel and Mike Worobey (Arizona State University), John Brownstein (Boston Children’s Hospital), Sam Scarpino (Northeastern University), Dan Kaszeta (Strongpoint Security Ltd.), Nita Madhav and Chris Pardee (Ginkgo Bioworks, Inc.), Amanda Moodie (US Department of State), James Revill (UNIDIR), Gigi Gronvall and Matthew Shearer (Johns Hopkins Center for Health Security), Eddie Holmes (Australian Academy of Science), Matt Korda (Federation of American Scientists), Lindsay Freeman and Alexa Koenig (UC Berkeley Law), Gunnar Jeremias and Anna Krin (University of Hamburg), Mike Worobey (University of Arizona), Lennie Phillips (RUSI), and Glenn Cross (Crossbow Analytics).

References

Guillemin

. Scientists and the history of biological weapons: a brief historical overview of the development of biological weapons in the Twentieth Century. EMBO Rep., 2006; 7(Spec No):S45-S49.

United Nations. Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on their Destruction. Published April 10, 1972. Accessed July 29, 2025. https://www.un.org/en/genocideprevention/documents/atrocity-crimes/Doc.37_conv%20biological%20weapons.pdf

Littlewood

. Potential Outcomes of the Ninth BWC Review Conference. Geneva: United Nations Institute for Disarmament Research; 2021. Accessed September 16, 2025. https://unidir.org/files/2022-03/UNIDIR_Potential_Outcomes_9th_BWC_RevCon.pdf

Sims

. A simple treaty, a complex fulfillment: a short history of the Biological Weapons Convention review conferences. Bull At Sci. 2016:67(3):8-15.

Lim

Y-B

, Vogel

, Gillum

. Preparing for Twenty-First-Century bioweapons. Issues Sci Tech. Published December 8, 2022. Accessed September 16, 2025. https://issues.org/bioweapons-biological-weapons-convention-bwc-ngos/

Cross

. Long ignored: the use of chemical and biological weapons against insurgents. War on the Rocks. August 15, 2017. Accessed September 16, 2025. https://warontherocks.com/2017/08/long-ignored-the-use-of-chemical-and-biological-weapons-against-insurgents/

Koblentz

, Lentzos

. A plan b to strengthen biosafety and biosecurity. Think Global Health. November 15, 2022. Accessed September 16, 2025. https://www.thinkglobalhealth.org/article/plan-b-strengthen-biosafety-and-biosecurity

Revill

. Verifying the BWC: A Primer. Geneva: United Nations Institute for Disarmament Research; 2023. Accessed January 1, 2025. https://unidir.org/publication/verifying-the-bwc-a-primer/

US Office of the Director of National Intelligence (ODNI). U.S. National Intelligence: An Overview 2011. Washington, DC: ODNI; 2011. Accessed September 16, 2025. https://www.dni.gov/files/documents/IC_Consumers_Guide_2011.pdf

10.

Suarez

. How Bellingcat collects, verifies, and archives digital evidence of war crimes in Ukraine. Reuters Institute at the University of Oxford. Published February 21, 2023. Accessed September 16, 2025. https://reutersinstitute.politics.ox.ac.uk/news/how-bellingcat-collects-verifies-and-archives-digital-evidence-war-crimes-ukraine

11.

Defense Intelligence Agency, Open Source Intelligence (OSCINT). Accessed December 14, 2024. https://www.dia.mil/About/Open-Source-Intelligence/

12.

Balmer

, McLeish

, Spelling

. Understanding Biological Disarmament: The Historical Context of the Origins of the Biological Weapons Convention (BWC). Brighton and London: University of Sussex, University College London, Arts & Humanities Research Council; 2017. Accessed September 16, 2025. https://www.ucl.ac.uk/sts/sites/sts/files/ahrc_report_270717.pdf

13.

Shearer

, Potter

, Vahey

, Connell

, Gronvall

. BWC assurance: increasing certainty in BWC compliance. Nonproliferation Rev. 2022; 29(1-3):47-49.

14.

Mackby

, Katakam

. BWC review conference dispatch: a cliffhanger conference seeks to strengthen Biological Weapons Convention. Arms Control Today. January/February 2023. Accessed September 16, 2025. https://www.armscontrol.org/act/2023-01/arms-control-today/bwc-review-conference-dispatch-cliffhanger-conference-seeks

15.

Walker

. Reflections on the 2001 BWC protocol and the verification challenge. Nonproliferation Rev. 2020; 27(4-6):507-508.

16.

Mauroni

, Kallenborn

, Carus

, Fizer

. A weapons of mass destruction strategy for the 21st Century. War on the Rocks. September 8, 2021. Accessed September 16, 2025. https://warontherocks.com/2021/09/a-weapons-of-mass-destruction-strategy-for-the-21st-century/

17.

North Atlantic Treaty Organization (NATO). NATO 2022. Strategic Concept. Brussels: NATO; 2022. Accessed September 16, 2025. https://www.nato.int/nato_static_fl2014/assets/pdf/2022/6/pdf/290622-strategic-concept.pdf

18.

US Department of State (DOS). Adherence to and Compliance With Arms Control, Nonproliferation, and Disarmament Agreements and Commitments . Washington, DC: DOS; 2024. Accessed December 27, 2024. https://www.state.gov/wp-content/uploads/2024/04/2024-Arms-Control-Treaty-Compliance-Report.pdf

19.

Franz

. Biosecurity community divided over best ways to mitigate risk. Bull At Sci. March 20, 2025. Accessed May 18, 2025. https://thebulletin.org/2025/03/biosecurity-community-divided-over-best-ways-to-mitigate-risks/

20.

Epstein

. Preventing biological weapon development through the governance of life science research. Biosecur Bioterror., 2012; 10(1):17-37.

21.

Zittrain

. The generative internet. Harvard Law Rev. 2006; 119(7):1974-2040.

22.

Zanders

. The Biological and Toxin Weapons Convention Confronting False Allegations and Disinformation . Non-Proliferation and Disarmament Paper No. 85, October 2023. Stockholm: EU Non-Proliferation and Disarmament Consortium; 2023. Accessed September 16, 2025. https://www.sipri.org/sites/default/files/2023-10/eunpdc_no_85_0.pdf

23.

Gamberini

, Moodie

. The virus of disinformation: echoes of past bioweapons accusations in today’s COVID-19 conspiracy theories. War on the Rocks. April 6, 2020. Accessed September 16, 2025. https://warontherocks.com/2020/04/the-virus-of-disinformation-echoes-of-past-bioweapons-accusations-in-todays-covid-19-conspiracy-theories/

24.

Bernard

, Sullivan

. The use of HUMINT in epidemics: a practical assessment. Intell Natl Secur. 2020; 35(4):493-501.

25.

Giancarlo

. First steps to getting started in open source research. Bellingcat. Published November 9, 2021. Accessed September 16, 2025. https://www.bellingcat.com/resources/2021/11/09/first-steps-to-getting-started-in-open-source-research/

26.

Aday

, Livingston

. NGOs as intelligence agencies: the empowerment of transnational advocacy networks and the media by commercial remote sensing in the case of the Iranian nuclear program. Geoforum. 2009; 40(4):514-522.

27.

Ünver

. Digital Open Source Intelligence and International Security: A Primer. Istanbul: Centre for Economics and Foreign Policy Studies; 2018. Accessed September 16, 2025. https://www-jstor-org-443.web.bisu.edu.cn/stable/resrep21048

28.

Eldridge

, Hobbs

, Moran

. Fusing algorithms and analysts: open-source intelligence in the age of ‘Big Data.’ Intell Natl Secur. 2017; 33(3):397-406.

29.

Pattar

, Whitesmith

. Structured analysis techniques and OSINT. Janes Podcast YouTube page. June 17, 2020. https://www.youtube.com/watch?v=IzSxofKBXf8&t=3125s

30.

Office of the United Nations High Commissioner for Human Rights, Human Rights Center at the University of California, Berkeley School of Law. Berkeley Protocol on Digital Open Source Investigations: A Practical Guide on the Effective Use of Digital Open Source Information in Investigating Violations of International Criminal, Human Rights, and Humanitarian Law. New York and Geneva: United Nations; 2022. Accessed September 16, 2025. https://www.ohchr.org/sites/default/files/2024-01/OHCHR_BerkeleyProtocol.pdf

31.

Ad Hoc Group of Governmental Experts to Identify and Examine Potential Verification Measures From a Scientific and Technical Standpoint. Summary report. Published September 24, 1993. Accessed September 16, 2025. https://docs-library.unoda.org/Biological_Weapons_Convention_-_Ad_Hoc_Group_on_VEREX_Fourth_session_(1993)/BWC_CONF.III_VEREX_09.pdf

32.

Bellingcat Investigation Team. Skripal suspect Boshirov identified as GRU Colonel Anatoliy Chepiga. Bellingcat. Published September 26, 2018. https://www.bellingcat.com/news/uk-and-europe/2018/09/26/skripal-suspect-boshirov-identified-gru-colonel-anatoliy-chepiga/

33.

Bellingcat Investigation Team. Russia’s clandestine chemical weapons programme and the GRU’s Unit 29155. Bellingcat. Published October 23, 2020. https://www.bellingcat.com/news/uk-and-europe/2020/10/23/russias-clandestine-chemical-weapons-programme-and-the-grus-unit-21955/

34.

Lentzos

, Hamilton

. BWC Confidence Building Measures: Preparing for a Comprehensive Review of the CBM Mechanism at the Seventh BWC Review Conference: 2009-2010 Workshop Series Report. London: London School of Economics; 2010. Accessed September 24, 2025. https://kclpure.kcl.ac.uk/ws/portalfiles/portal/9600712/Workshop_Report_2010_ONLINE_VERSION_9_AUG.pdf

35.

United Nations BWC Confidence Building Measures (CBM). CBM report submissions. Accessed September 24, 2025. https://bwc-cbm.un.org/

36.

Isla

. Strengthening the BWC’s Confidence Building Measure Regime: A Catalogue of Recommendations . Occasional Paper No 3. Hamburg, Germany: Research Group for Biological Arms Control at Hamburg University; 2007. Accessed September 24, 2025. https://www.biological-arms-control.org/publications/Catalogue%20of%20recommendations_final.pdf

37.

United Nations Office for Disarmament Affairs. Biological Weapons Convention—Ninth Review Conference (2022). Accessed September 24, 2025. https://meetings.unoda.org/bwc-revcon/biological-weapons-convention-ninth-review-conference-2022

38.

Biological Weapons Convention Article X Assistance and Cooperation Database. Capacity building, training and education. Accessed January 20, 2025. https://bwc-articlex.unog.ch/type-offer/capacity-building-training-and-education

39.

India, France. Ninth Review Conference of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. Proposal for the establishment of a database for assistance under Article VII of the Biological and Toxin Weapons Convention. Published November 16, 2022. Accessed September 24, 2025. https://undocs.org/Home/Mobile?FinalSymbol=bwc/conf.ix/wp.22&Language=E&DeviceType=Desktop&LangRequested=False

40.

Japan. Ninth Review Conference of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. Strengthening national, sub-regional and international capacities to prepare for and respond to the deliberate use of biological weapons”: final project report. Published August 2, 2022. Accessed September 24, 2025. https://undocs.org/Home/Mobile?FinalSymbol=BWC/CONF.IX/WP.1&Language=E&DeviceType=Desktop&LangRequested=False

41.

United Kingdom. Ninth Review Conference of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. Advances in science and technology: impact on response to the COVID-19 pandemic and relevance to Article VII of the Biological and Toxin Weapons Convention. Published November 1, 2022. Accessed September 24, 2025. https://undocs.org/Home/Mobile?FinalSymbol=bwc/conf.ix/wp.9&Language=E&DeviceType=Desktop&LangRequested=False

42.

Jakob

. The 9th Review Conference of the Biological Weapons Convention. PRIF Blog. Published February 7, 2023. Accessed September 24, 2025. https://blog.prif.org/2023/02/07/the-9th-review-conference-of-the-biological-weapons-convention/

43.

France, Senegal, Togo. Ninth Review Conference of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. Proposal for establishment of an international platform dedicated to biosecurity and biosafety: SecBio. Published November 16, 2022. Accessed September 24, 2025. https://undocs.org/Home/Mobile?FinalSymbol=bwc/conf.ix/wp.23&Language=E&DeviceType=Desktop&LangRequested=False

44.

Argentina, Brazil. Ninth Review Conference of the States Parties to the Convention on the Prohibition of the Development, Production and Stockpiling of Bacteriological (Biological) and Toxin Weapons and on Their Destruction. The BWC One Health Surveillance Network—building an international network of institutions for the surveillance, prevention, preparedness, response and assistance in case of biological incidents against agriculture, livestock and biodiversity. Published November 14, 2022. Accessed September 24, 2025. https://undocs.org/Home/Mobile?FinalSymbol=bwc/conf.ix/wp.19&Language=E&DeviceType=Desktop&LangRequested=False